A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka "Azure IoT SDK Spoofing Vulnerability." This affects C# SDK, C SDK, Java SDK.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/104070 | Third Party Advisory VDB Entry |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8119 | Patch Vendor Advisory |
https://tools.cisco.com/security/center/viewAlert.x?alertId=57754&vs_f=Alert%20RSS&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Microsoft%20Azure%20IoT%20SDK%20AMQP%20Transport%20Library%20Spoofing%20Vulnerability&vs_k=1 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: microsoft
Published: 2018-05-09T19:00:00
Updated: 2018-05-10T09:57:01
Reserved: 2018-03-14T00:00:00
Link: CVE-2018-8119
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-05-09T19:29:01.230
Modified: 2018-06-18T16:39:22.387
Link: CVE-2018-8119
JSON object: View
Redhat Information
No data.
CWE